Hi all,

I've just released rEFInd 0.10.3. It's not dramatically different, but it does have a new Linux support script, refind-mkdefault, which resets rEFInd as the default boot program should that be changed. This should help with recovery from "boot coups," as I call the problem where an unwanted tool takes over the boot process. (See my new page on this subject.)

In preparing this release, I ran across a bug in Ubuntu 16.04: The sbsign utility in that release is buggy, and segfaults randomly (about 1/3 to 1/2 the time). See this bug report I filed on the problem for details. This bug makes installing rEFInd on an Ubuntu 16.04 system with Secure Boot enabled problematic, especially from the PPA, because such installations rely on sbsign to sign the rEFInd binary and the binary for any filesystem driver that gets installed. There are a number of workarounds to this problem:

  • Disable Secure Boot. Note that you'll either need to leave it disabled or manually sign rEFInd and your driver(s) -- and re-sign them if sbsign segfaults on you.
  • Uninstall the sbsigntool package and install rEFInd from the Debian package I provide on SourceForge, rather than from the PPA. This bypasses the problem because the binaries on SourceForge are signed with my key and, with sbsigntool uninstalled, will not be re-signed. Note that this may require registering the EFI\refind\keys\refind.cer MOK file when you next reboot.
  • Install rEFInd from something other than Ubuntu 16.04. Note that if you've used the PPA to install rEFInd before, it will try to upgrade, so you might want to temporarily uninstall the package.
  • Refuse upgrades to rEFInd until that bug is fixed.
  • Install an older working version of sbsigntool and block an upgrade until the bug is fixed. (Note that I've not tried this myself; I'm just guessing that it will work.)

I apologize for the inconvenience, but sbsign is a critical bit of infrastructure, especially when using the Ubuntu PPA and Secure Boot. With any luck the problem will be fixed soon.
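
For the manual re-signing workaround in the list above, the following is an added example (not part of the original post and not rEFInd's own script) that retries sbsign when it crashes and only replaces the target file after the result passes sbverify, the verifier shipped in the same sbsigntool package. The function name, the SBSIGN/SBVERIFY override variables and the default retry count are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sign an EFI binary with sbsign, tolerating random crashes.
# SBSIGN and SBVERIFY may be overridden (assumption; handy for testing).
SBSIGN=${SBSIGN:-sbsign}
SBVERIFY=${SBVERIFY:-sbverify}

# sign_with_retry KEY CERT SRC DST [MAX_TRIES]
# Usage (file names are placeholders):
#   sign_with_retry my.key my.crt refind_x64.efi refind_x64.efi.signed
# Returns 0 once a signed copy that passes verification is in place at DST,
# 1 if every attempt failed (an existing DST is then left untouched).
sign_with_retry() {
    key=$1
    cert=$2
    src=$3
    dst=$4
    max=${5:-10}
    tmp="$dst.tmp.$$"
    try=1
    while [ "$try" -le "$max" ]; do
        rm -f "$tmp"
        # A segfault surfaces as a non-zero status (139 = 128 + SIGSEGV).
        # Sign into a temporary file so a crash mid-write never clobbers DST,
        # then require a non-empty file whose signature verifies against CERT.
        if "$SBSIGN" --key "$key" --cert "$cert" --output "$tmp" "$src" \
               >/dev/null 2>&1 \
           && [ -s "$tmp" ] \
           && "$SBVERIFY" --cert "$cert" "$tmp" >/dev/null 2>&1; then
            mv -f "$tmp" "$dst"
            return 0
        fi
        try=$((try + 1))
    done
    rm -f "$tmp"
    return 1
}
```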